WooCommerce sent an email with this statement to account holders today,
"On January 12, 2023, we were notified about an unauthorized breach of Mailchimp, a communications tool WooCommerce uses to send emails to customers who have opted in. Our account is one of 130+ that appear to have been impacted by this security incident.
This breach may have resulted in some of the information you've shared with us, including your name, store URL, and email address, being exposed. No payment data, passwords, or other sensitive security information is part of this breach.
Your store and customer data have not been impacted by this incident, nor have your WordPress.com or WooCommerce.com accounts. This was not a breach of WordPress.com or WooCommerce.com.
What happens next?
At this time, no action is required on your part.
There is no indication the person who engaged in unauthorized access to Mailchimp has taken any action with the exposed information. However, we are contacting you out of an abundance of caution to alert you to that possibility in the future. We have confirmed with Mailchimp that our account is secure and follows all security best practices, and are working with them to better understand the cause of this breach and what they're doing to prevent similar incidents in the future.
If you have any questions about Mailchimp's breach, please feel free to contact us.
We apologize for any issues or concerns this may have caused, and we will keep you updated if any new information arises."